1. Introduction

This document explains how to give your consent to the release of attributes to a Service Provider (in short, SP) via uApprove Jet Pack 4.0 (in short, uApproveJP).
The user consent steps are as follows:

  1. Login to the IdP.
  2. Select the optional attributes to be released to the Service and confirm your selection.
  3. The attributes are released to the Service.

2. Operation flow

2.1 Login to the IdP

When you use an SP, you are redirected from the SP to the IdP of your organization, where you log in.

Below is a sample of IdP with password authentication.

If you want to reset your attribute release approvals, check the checkbox "Clear my attribute release consent". See 3. Reset-approvals for details.

2.2 Optional attribute selection

This page shows the information about you that will be released to the SP (figure 2).

  • Mandatory/optional information for using the service
    You can select the optional attributes to be released to the SP by checking their boxes in the list.
    Attributes with grayed-out checkboxes are always sent to the SP after confirmation. You cannot refuse their release.
     

The meaning of the icon placed beside the attributes is as follows:

  Icon    Description
  (icon)  Indicates that the SP provides an explanation of how this attribute is used.
          Clicking this icon displays a short description on the next line.

In addition, you must decide on a policy for the release of attributes. Choose one of the policies with the radio buttons:

  • I agree to send my information this time.
    You can confirm the information that will be released to this SP on every login session.
  • I agree that the same information will be sent automatically to this service in the future. (default)
    The selected information is sent automatically when you use this SP again.
    The next time you use this SP, this page is not displayed again unless the attributes you agreed to have changed. See 2.2.1 Review the attributes change for what happens when the agreed attributes change.
  • I agree that all of my information will be released to any service.
    All attributes are sent to any SP automatically. If you choose this, all the optional attributes are checked and cannot be unchecked.
    This page will never be displayed again, even if the agreed attributes are changed or new attributes are added.

After selecting attributes and choosing a policy, click the "Accept" button to proceed.

If you click the "Reject" button, your web browser displays a message indicating that the service is not available.

2.2.1 Review the attributes change

When any of the following conditions is satisfied for an SP where the "I agree that the data same as this time will be sent automatically to this service in the future." option is applied, automatic attribute release is stopped and this review page (figure 2) is displayed.

  • The value of a selected attribute has been modified
  • An optional attribute that you previously did not allow to be released has been changed to mandatory
  • An optional attribute has been added

On this page, the radio button "I agree that the same information will be sent automatically to this service in the future." is selected by default.

Even if you cancel the login by selecting "Reject" on the modified attribute selection page, the information you previously agreed to is still preserved.

2.3 Release of information

Mandatory attributes and selected optional attributes are sent to the SP.

You are redirected to the SP together with the released attributes, and your web browser should display the page shown after logging in to the SP. For example, the SP for testing shows the information it received, as shown in figure 3.

3. Reset-approvals

When you log in with "Clear prior granting of permission for release of your information to this service." checked on the login page, the information below is reset and the optional attribute selection page (figure 2) is displayed.

  • Approval by selecting "I agree that the same information will be sent automatically to this service in the future."
  • Approval by selecting "I agree that all of my information will be released to any service."
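
The re-display rules in 2.2.1 and the reset described in this section can be modeled as a small decision function. This is an added illustration, not uApproveJP code; the policy constants, ConsentStore, the SHA-256 value digests, the sample data and the handling of any newly added attribute are assumptions of the model.

```python
import hashlib
from dataclasses import dataclass, field

# Hypothetical names for the three radio buttons in section 2.2.
THIS_TIME, REMEMBER_SP, GLOBAL = "this-time", "remember-sp", "global"

@dataclass
class ConsentStore:
    global_consent: bool = False
    # SP id -> {attribute id: digest of the approved value, or None if refused}
    per_sp: dict = field(default_factory=dict)

def _digest(value):
    # Assumption: keep a hash, not the value, to detect later modification.
    return hashlib.sha256(value.encode()).hexdigest()

def accept(store, sp, attrs, selected, policy):
    """Record an "Accept". attrs maps attribute id -> (value, mandatory)."""
    if policy == GLOBAL:
        store.global_consent = True
    elif policy == REMEMBER_SP:
        store.per_sp[sp] = {a: _digest(v) if (m or a in selected) else None
                            for a, (v, m) in attrs.items()}
    # THIS_TIME stores nothing, so the page appears on every login.

def must_show_page(store, sp, attrs, reset=False):
    """Return True when the attribute selection page has to be displayed."""
    if reset:  # section 3: both kinds of stored approval are cleared
        store.global_consent = False
        store.per_sp.pop(sp, None)
    if store.global_consent:
        return False  # never shown again, even when attributes change
    saved = store.per_sp.get(sp)
    if saved is None:
        return True  # no remembered approval for this SP
    for attr_id, (value, mandatory) in attrs.items():
        if attr_id not in saved:
            return True  # an attribute has been added (assumed: any new one)
        approved = saved[attr_id]
        if approved is None:
            if mandatory:
                return True  # previously refused optional is now mandatory
        elif approved != _digest(value):
            return True  # value of an approved attribute was modified
    return False

# Constructed sample data.
SP = "https://sp.example.org/shibboleth"
ATTRS = {"eduPersonPrincipalName": ("alice@example.org", True),
         "mail": ("alice@example.org", False)}
```

Because the "any service" policy short-circuits before any comparison, the model makes visible that later attribute changes are never reviewed under that policy until the approvals are reset.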

4. Difference from previous uApproveJP

4.1 Difference from uApproveJP 3.4

The following points are different between uApproveJP 4.0 and uApproveJP 3.4.

  • The order of attributes has been changed: required and optional attributes used to be mixed, and optional attributes are now listed after the required attributes.

4.2 Difference from uApproveJP 2.5

The following points are different between uApproveJP 3.4 and uApproveJP 2.5.

  • Not implemented: preserving the checkbox state when the attribute selection page is displayed again.
    The page is always displayed with all the checkboxes unchecked.
  • A new condition is added in section 2.2.1:
    • An optional attribute has been added
  • Due to a restriction of Shibboleth IdP 3, you should enable includeAttributeStatement in SAML1 to display the consent page.

